Social Media Is More Appealing to Cybercriminals Than Ever
As the human population gets more digitized every year, we are looking at a significant increase in online retail. In November and December of last year alone, global online shopping revenue was predicted to hit the $768 billion mark, with much of this money coming from social media shopping.
Nearly 40% of the Gen Z population said that they like the idea of ‘purchase’ buttons on social media posts, and major players like Instagram seem to deliver in this field. However, as social media shopping gets more and more popular in our collective daily routines, there is also an increase in cybercriminal activity to the point where a lack of adequate solutions can lead to mass abandonment of these platforms.
Compared with corporate online stores and standard eCommerce shops, transactions conducted on social media shopping platforms are 20% more prone to cyber and malware attacks. Such attacks, according to some studies, generate more than $3.25 billion each year.
Common Types of SM Cyber Attacks
Among all the types of social media cyber attacks, probably the most common is using fake profiles to mimic someone else’s online identity. One might think that this happens only on a smaller scale, targeting individuals unknown to the wider public. However, this is not the case. There are numerous fake profiles of celebrities, politicians, or others in the public eye that look to distribute detrimental phishing campaigns or mass-scale malware to millions of people.
Besides posing as publicly influential individuals, attackers often falsely present themselves as executives of large corporations, spreading misinformation and instructing large groups of employees to do whatever the attackers want. Needless to say, this is extremely detrimental to corporations and organizations.
Catfishing is another way of scamming people, typically on a smaller scale. Catfishers pretend to be a high-profile individual and look to extract various information from their victims. Besides gathering information, attackers use catfishing to profit directly or through blackmail, by threatening to expose previously obtained sensitive data.
Another smart case of cybercrime is reconnaissance. This form of crime is not simple to detect. The victim of such attacks is often an unsuspecting individual who is known for oversharing on social media and who is more likely to give out their location, education, relationship, or personal taste information to their online following.
After going through enough of this data, attackers put together incredibly convincing masquerades in the form of fake profiles of the victims’ potential acquaintances, and lure these victims into clicking on malicious links or revealing their email or banking info.
What’s worse, many people use their child’s or pet’s names as their email or social media profile passwords or security questions. Others even use birthdays, phone numbers, and similar details. Sharing these details on social media might be innocent, but those who choose to attack unsuspecting victims find such data more than useful.
This is fairly similar to the standard hijacking of brand profiles. In these cases, however, hijackers use profiles that are verified on social media and do their damage by spreading malicious content or massive scams.
Back in 2018, Target’s Twitter profile was compromised and used to lure numerous customers into participating in a scam giveaway. It should have been obvious, since the fake contest included Bitcoin transactions, which can go untraced.
Ultimately, the scammed victims were asked to transact anywhere from 0.2 to 2 bitcoins for the verification of their address and were told that they could get 2 to 40 bitcoins as a reward. In a single day, 121 crypto transactions were made, and the damage came up to more than 5,863 BTC, or nearly $37,000. Had the scam been less technical, the number of people scammed would have been far larger.
Psychologically manipulative acts of cybercrime are often connected to social engineering. Social media users are tricked into clicking on malware links or opening files found in emails or private messages through psychological levers such as fear, the curiosity of the victim, the urgency of the moment, compromise of intimacy, and others.
Social engineering scams succeed because attackers can craft incredibly elaborate and legitimate-looking emails from everything victims tend to share on their social media. After thoroughly inspecting the victim’s digital presence, it is much simpler for them to tailor believable scam emails or direct messages, which are the most common way of spreading malicious content.
How to Prevent Social Media Cybercrime
Digital hygiene is now more important than it ever was. As you likely have a profile on numerous platforms (Facebook, Instagram, LinkedIn, Twitter, to name a few), it is important to follow these steps:
- Do not disclose your email address to anyone you do not know, especially if that email address is tied to your banking accounts, other social media accounts, your job, etc. If you are discussing a job opportunity on platforms like LinkedIn, or you are contacted by a recruiter you do not know personally, create a new email address that is in no way connected to your current online presence.
- Keep updating your apps and software, especially your antivirus, and keep your system up to date. Thousands upon thousands of experts work on these updates to keep you safe and fill potential holes that would make breaches easier.
- If an offer sounds too good to be true, it’s most likely a scam. Never trust unknown sources that offer simple ways of obtaining large sums of money.
- Keep your circles smaller. Networking is important, but not as important as your digital safety.